Search results for "Security"

showing 10 items of 1693 documents

Insecure Firmware and Wireless Technologies as “Achilles’ Heel” in Cybersecurity of Cyber-Physical Systems

2022

In this chapter, we analyze cybersecurity weaknesses in three use-cases of real-world cyber-physical systems: transportation (aviation), remote explosives and robotic weapons (fireworks pyrotechnics), and physical security (CCTV). The digitalization, interconnection, and IoT-nature of cyber-physical systems make them attractive targets. It is crucial to ensure that such systems are protected from cyber attacks, and therefore it is equally important to study and understand their major weaknesses. (Peer reviewed.)

embedded systems; cybersecurity; protocols; weapon systems; cyber-physical systems; firmware; video surveillance; Internet of Things; CCTV; vulnerability; vulnerabilities; wireless pyrotechnics; remote firing systems; exploits; surveillance systems; reverse engineering; Zigbee; critical infrastructure; aviation; RF; infrastructures; binare; ADS-B
researchProduct

IoT/Embedded vs. Security : Learn from the Past, Apply to the Present, Prepare for the Future

2018

It is expected there will be 50 billion IoT/embedded connected devices by 2020. At the same time, multiple recent studies revealed that IoT/embedded devices and their software/firmware are plagued with weaknesses and vulnerabilities. Moreover, various recent and prominent attacks, such as the Mirai botnet targeting Commercial Off-The-Shelf (COTS) IoT/embedded devices, and the ROCA attack targeting secure embedded hardware chips (in their many form-factors), clearly demonstrate the need to secure the many layers and components of the highly fragmented and heterogeneous ecosystem of IoT/embedded devices. In this paper we aim to explore, discuss and exemplify some research aspects and direction…

embedded systems; Internet of Things; security; data security
researchProduct

Exploring determinants of different information security behaviors

2016

Aim: The aim was to introduce a new explanatory construct, namely illegitimate tasks from Stress-as-Offense-to-Self Theory (SOS), to better understand information security behavior (ISB). In addition, more commonly used constructs from Deterrence theory (DT) and Protection Motivation Theory (PMT) were used to explain ISB. This study also investigated several behaviors separately to evaluate the generalizability of the behavioral determinants. Methods: Four ISBs, namely general ISP compliance (ISP), not copying sensitive information to the unsecured USB drive (USB), locking or logging out from the computer (LOG), and not writing down passwords (PSW). Formal and informal sanctions from DT, thre…

protection; Deterrence Theory; Information security behavior; Stress-as-Offense-to-Self Theory; data security; Protection Motivation Theory
researchProduct

Supporting Cyber Resilience with Semantic Wiki

2016

Cyber resilient organizations, their functions and computing infrastructures, should be tolerant towards rapid and unexpected changes in the environment. Information security is an organization-wide common mission, whose success strongly depends on efficient knowledge sharing. For this purpose, semantic wikis have proved their strength as flexible collaboration and knowledge sharing platforms. However, there has not been notable academic research on how semantic wikis could be used as an information security management platform in organizations for improved cyber resilience. In this paper, we propose to use a semantic wiki as an agile information security management platform. More precisely, t…

ta113; 021110 strategic defence & security studies; Engineering; Knowledge management; Cloud computing security; business.industry; Standard of Good Practice; information security management; 0211 other engineering and technologies; 02 engineering and technology; Information security; cyber resilience; semantic wiki; Security information and event management; risk management; Security controls; Resilience (organizational); World Wide Web; ITIL security management; Information security management; 020204 information systems; 0202 electrical engineering electronic engineering information engineering; business
researchProduct

Remote Attestation of Software and Execution-Environment in Modern Machines

2015

The research on network security concentrates mainly on securing the communication channels between two endpoints, which is insufficient if the authenticity of one of the endpoints cannot be determined with certainty. Previously presented methods allow one endpoint, the authentication authority, to authenticate another remote machine. These methods are inadequate for modern machines that have multiple processors, introduce virtualization extensions, have a greater variety of side effects, and suffer from nondeterminism. This paper addresses the advances of modern machines with respect to the method presented by Kennell. The authors describe how a remote attestation procedure, involving…

ta113; Authentication; Multi-core processor; Network security; business.industry; Computer science; software; media_common.quotation_subject; Distributed computing; Trusted Computing; Certainty; Computer security; computer.software_genre; Virtualization; Variety (cybernetics); remote attestation; Software; network security; business; computer; media_common; execution-environment
researchProduct

Anomaly detection approach to keystroke dynamics based user authentication

2017

Keystroke dynamics is one of the authentication mechanisms which uses the natural typing pattern of a user for identification. In this work, we introduced a Dependence Clustering based approach to user authentication using keystroke dynamics. In addition, we applied a k-NN-based approach that demonstrated strong results. Most of the existing approaches use only genuine users' data for training and validation. We designed a cross validation procedure with artificially generated impostor samples that improves the learning process yet allows fair comparison to previous works. We evaluated the methods using the CMU keystroke dynamics benchmark dataset. Both proposed approaches outperformed the previou…

ta113; Authentication; Computer science; access control; 02 engineering and technology; computer.software_genre; Keystroke dynamics; 020204 information systems; 0202 electrical engineering electronic engineering information engineering; Benchmark (computing); Unsupervised learning; authentication; 020201 artificial intelligence & image processing; Anomaly detection; Data mining; data security; computer
researchProduct

Employees’ adherence to information security policies: An exploratory field study

2014

The key threat to information security comes from employees who do not comply with information security policies. We developed a new multi-theory based model that explained employees' adherence to security policies. The paradigm combines elements from the Protection Motivation Theory, the Theory of Reasoned Action, and the Cognitive Evaluation Theory. We validated the model by using a sample of 669 responses from four corporations in Finland. The SEM-based results showed that perceived severity of potential information security threats, employees' belief as to whether they can apply and adhere to information security policies, perceived vulnerability to potential security threats, employees…

ta113; Cognitive evaluation theory; Information Systems and Management; business.industry; Information security; Public relations; Security policy; Management Information Systems; Threat; Theory of reasoned action; Information security management; Information security standards; Security management; Business; Marketing; Information Systems; Information & Management
researchProduct

Adaptive framework for network traffic classification using dimensionality reduction and clustering

2012

Information security has become a very important topic especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting malicious queries or code. However, these attack attempts are often recorded in server logs. Analyzing these logs could be a way to detect intrusions either periodically or in real time. We propose a framework that preprocesses and analyzes these log files. HTTP queries are transformed to numerical matrices using n-gram analysis. The dimensionality of these matrices is reduced using principal component analysis and diffusion map methodology. Abnormal log lines can then …

ta113; Computer science; Network security; business.industry; Dimensionality reduction; intrusion detection; k-means; diffusion map; Server log; computer.software_genre; anomaly detection; Traffic classification; machine learning; Web log analysis software; Anomaly detection; Data mining; Web service; Cluster analysis; business; computer; n-grams
researchProduct

Software-as-a-Service Revenue Models

2013

This paper gives an overview of the three main revenue models, focusing on the advantages and disadvantages for SaaS providers and their customers. It also identifies the most effective revenue model for particular situations.

ta113; Computer science; business.industry; computer.internet_protocol; Software as a service; Software development; Information technology; Cloud computing; Service-oriented architecture; Computer security; computer.software_genre; Computer Science Applications; Engineering management; Revenue model; Hardware and Architecture; Revenue assurance; Yield management; business; computer; Software; IT Professional
researchProduct

Is My Office 365 GDPR Compliant? : Security Issues in Authentication and Administration

2018

The General Data Protection Regulation, commonly referred to as GDPR, will be enforced in all European Union countries in May 2018. GDPR sets requirements for processing EU citizens’ personal data regardless of the physical location of the organisation processing the data. Over 40 percent of European organisations are using Office 365. Microsoft claims that Office 365 service is GDPR compliant, and has provided tools to help Office 365 customers to ensure their GDPR compliancy. In this paper, we present some security issues related to the very foundation of Office 365 service, namely Azure Active Directory and administrative tools, and assess their GDPR compliancy. Our findings reveal that per…

ta113; Computer science; information security; Office 365; Microsoft Office; Computer security; computer.software_genre; Authentication (law); cloud services; GDPR; data security; computer; Administration (government); Azure
researchProduct